Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco Flaw Opens Routers to Attack

Posted by CowboyNeal on from the right-where-it-hurts dept.

Jack writes "Cisco is suffering from a serious flaw in its router operating system, which might allow execution of remote code: 'Cisco has warned of a new flaw in its IOS router operating system which might be used by attackers to launch denial of service attacks or take over IOS-based devices. The flaw causes to buffer overflow due to incorrect handling of user authentication credentials.'"

8 of 109 comments (clear)

  1. is this the flaw Michael Lynn tried to tell about? by Gruturo · · Score: 2, Interesting

    Is this the flaw Cisco was trying to keep secret and that caused Michael Lynn to resign his job in order to be free to speak about?

    Appeared a little over a month ago right here

    --

    Vacuum cleaners suck. Kings rule.
  2. Re:Latest Viruses by ackthpt · · Score: 2, Interesting
    The latest viruses are getting pretty creepy. On the public network where I work, we recently plugged a Windows XP laptop in that had just been installed without anti-virus. There are apparently so many viruses going around on our network that within 10 minutes, the computer had 12 viruses that were picked up just through viruses that connect in remotely through ports that have not been "firewalled".

    Sounds like your problem isn't the PC, Windows or your network, but your network practices. We're pretty good about stripping attachments, filtering spam and having firewalls in place, but the extra yard is taking a PC off someone's desk and making sure many people around them know just who was doing what to bring the beastie in.

    I was having trouble with a connection, last December and disabled my firewall. Within 40 seconds something had already got in. The firewall went back up and I sorted the problems out with it in place.

    --

    A feeling of having made the same mistake before: Deja Foobar
  3. Further... by burtdub · · Score: 3, Interesting

    A Crisco flaw has left the routers open to deep pan frying.

  4. Re:sssshhhhh by jshaped · · Score: 2, Interesting

    and yet still, it is obvious you cannot see my sense of humor.

  5. Re:Small companies? by hal9000(jr) · · Score: 3, Interesting

    Read the advisory.
    The affected subsystem is not the firewall, but the authentication proxies for ftp and telnet. It is doubtful that those features are being used all that much.
    The advisory also list a set of ACL that should suffice in most cases until a patch is issued.
    If this was a problem in the firewall or ACL subsystem, it would be a bigger issue because many companies use them to place a reduced ruleset for all traffic that should be blocked in all directions like netbios, snmp, etc.

  6. It's a Mitzvah by putko · · Score: 2, Interesting

    This SHOULD happen.

    It's a Mitzvah that this befalls Cisco. As previously mentioned here, they have no trouble ruining the lives of those who attempt to help make a more secure world by improving their product.

    A pox on their house.

    It is allowed that hackers make worms that exploit Cisco hardware and disrupt the businesses of those who stupidly subsidize such misanthropic activities.

    --
    http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
    1. Re:It's a Mitzvah by Anonymous Coward · · Score: 1, Interesting

      You do realize that the post you just made probably had to pass through a Cisco router before it arrived here, right?

  7. read between the lines by timmarhy · · Score: 2, Interesting

    look at the hidden meaning here. cisco censor a security researcher, and now they have a new vunerability on their hands. get ready for an avalanche of these has angry hackers make an example of cisco.

    --
    If you mod me down, I will become more powerful than you can imagine....